diff --git a/plugins/modules/hcloud_firewall.py b/plugins/modules/hcloud_firewall.py
index fba7bcde..5eb64aa6 100644
--- a/plugins/modules/hcloud_firewall.py
+++ b/plugins/modules/hcloud_firewall.py
@@ -296,13 +296,17 @@ def _prepare_result_rule(self, rule):
 "description": to_native(rule.description) if rule.description is not None else None,
 }
- def _prepare_result_applied_to(self, resource: FirewallResource) -> Dict[str, Any]:
+ def _prepare_result_applied_to(
+ self,
+ resource: FirewallResource,
+ applied_to_resources: bool = True,
+ ) -> Dict[str, Any]:
 result = {
 "type": resource.type,
 "server": to_native(resource.server.id) if resource.server is not None else None,
 "label_selector": resource.label_selector.selector if resource.label_selector is not None else None,
 }
- if resource.applied_to_resources is not None:
+ if applied_to_resources and resource.applied_to_resources is not None:
 result["applied_to_resources"] = [
 {
 "type": item.type,
@@ -403,7 +407,10 @@ def _update_firewall(self):
 self.hcloud_firewall.set_rules(new_rules)
 self._mark_as_changed()
- applied_to = [self._prepare_result_applied_to(resource) for resource in self.hcloud_firewall.applied_to]
+ applied_to = [
+ self._prepare_result_applied_to(resource, applied_to_resources=False)
+ for resource in self.hcloud_firewall.applied_to
+ ]
 apply_to: Optional[List[Dict[str, Any]]] = self.module.params.get("apply_to")
 if apply_to is not None:
diff --git a/tests/integration/targets/hcloud_firewall/tasks/test.yml b/tests/integration/targets/hcloud_firewall/tasks/test.yml
index e9571dc0..dfd37fff 100644
--- a/tests/integration/targets/hcloud_firewall/tasks/test.yml
+++ b/tests/integration/targets/hcloud_firewall/tasks/test.yml
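Review bot: The new `applied_to_resources` flag on `_prepare_result_applied_to` has the same name as the `resource.applied_to_resources` attribute and the result key it gates, so the guard `if applied_to_resources and resource.applied_to_resources is not None:` is easy to misread, and nothing documents what passing `False` is for. I would make the flag keyword-only and rename it, e.g. `*, include_applied_to_resources: bool = True,`, updating the one call site in `_update_firewall` to match. A one-line docstring would also help, such as `"""Serialize one applied_to entry; the derived applied_to_resources list can be left out."""`. The method body continues past the end of the hunk.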
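Review bot: The call in `_update_firewall` passes `applied_to_resources=False` without saying why, and the reason cannot be read off this line. Judging by the `apply_to` lookup that follows, the list is presumably matched against the user-supplied `apply_to`/`remove_from` entries, which do not carry the API-derived resource list, so a label-selector entry would otherwise never compare equal and the firewall attachment would silently stay as it was. A short comment above the comprehension would record that, e.g. `# Omit applied_to_resources: these dicts are matched against apply_to/remove_from entries.` The comparison itself is outside the hunk, so this reading should be confirmed against the rest of the function.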
@@ -140,27 +140,27 @@
 that:
 - result is not changed
-- name: test update firewall remove_from
+- name: test update firewall remove_from with server
 hetzner.hcloud.hcloud_firewall:
 name: "{{ hcloud_firewall_name }}"
 remove_from:
 - type: server
 server: "{{ test_server.hcloud_server.id }}"
 register: result
-- name: verify update firewall remove_from
+- name: verify update firewall remove_from with server
 assert:
 that:
 - result is changed
 - result.hcloud_firewall.applied_to | list | count == 0
-- name: test update firewall remove_from idempotence
+- name: test update firewall remove_from with server idempotence
 hetzner.hcloud.hcloud_firewall:
 name: "{{ hcloud_firewall_name }}"
 remove_from:
 - type: server
 server: "{{ test_server.hcloud_server.id }}"
 register: result
-- name: verify update firewall remove_from idempotence
+- name: verify update firewall remove_from with server idempotence
 assert:
 that:
 - result is not changed
@@ -192,6 +192,31 @@
 that:
 - result is not changed
+- name: test update firewall remove_from with label_selector
+ hetzner.hcloud.hcloud_firewall:
+ name: "{{ hcloud_firewall_name }}"
+ remove_from:
+ - type: label_selector
+ label_selector: key=value
+ register: result
+- name: verify update firewall remove_from with label_selector
+ assert:
+ that:
+ - result is changed
+ - result.hcloud_firewall.applied_to | list | count == 0
+
+- name: test update firewall remove_from with label_selector idempotence
+ hetzner.hcloud.hcloud_firewall:
+ name: "{{ hcloud_firewall_name }}"
+ remove_from:
+ - type: label_selector
+ label_selector: key=value
+ register: result
+- name: verify update firewall remove_from with label_selector idempotence
+ assert:
+ that:
+ - result is not changed
+
 - name: test update firewall with check mode
 hetzner.hcloud.hcloud_firewall:
 id: "{{ firewall.hcloud_firewall.id }}"
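Review bot: The new `verify update firewall remove_from with label_selector` task only asserts `result.hcloud_firewall.applied_to | list | count == 0`, which shows that nothing is attached afterwards but not that the removal was selective. As far as the visible tasks show, the server attachment was already removed earlier, so a regression that detached every resource instead of only the matching selector would still pass, and for a firewall that is the failure that matters most. Consider keeping the server attached while removing the selector and asserting that exactly one `applied_to` entry of `type: server` remains. The tasks between the two hunks are not visible here, so this may already be covered there.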